Anti-Terrorism Legislation

Response to Terror

After the Sept. 11 terrorist attacks, Attorney General John Ashcroft sought expansion of governmental police powers, which may be as troubling as it is reassuring to CIOs. Many provisions of the antiterrorism legislation debated last month in Congress?which aims to expand federal electronic surveillance powers and give investigators access to more corporate records?have been kicking around for years. Law enforcement officials wanted them mainly to pursue drug dealers using cell phones and e-mail. But in the unfettered ’90s, these ideas went nowhere because civil libertarians and company executives alike saw too much potential for officials to abuse their power and quash the online economy. But most Americans now seem to think that less privacy is a small price to pay to sniff out terrorists.

Stewart Baker, a lawyer with Washington, D.C.-based law firm Steptoe and Johnson and former general counsel for the National Security Agency, sees little direct impact on most companies from this first round of legislation. Provisions that would give investigators the right to subpoena Internet addresses and credit card information would mainly affect ISPs and financial institutions. Unless you are the CIO of the Cali cartel, Baker says, you probably won’t see the FBI knocking on the door to your data center too often.

But the prevailing mood in Congress is to get as much information into investigators’ hands as possible. According to House and Senate staff members, that means future legislation will seek to obtain more data from private sources, including both individuals and businesses. Lawmakers aren’t saying yet what else they plan to pull out of their hats, but an aide to Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, says, “There’s no question that this [antiterrorism legislation] is just the initial request from the administration.”

The attacks have already given new life to other unresolved debates, such as whether the federal government should have the keys to open encrypted data files that suspects exchange online. Sen. Judd Gregg (R-N.H.) says he’s heard for years that the FBI needs to be able not just to intercept e-mail from suspected criminals and terrorists, but also to read any scrambled messages. He wants hardware and software companies to build decoding capability into their encryption products. Technology companies counter that giving government this decryption power would cripple consumer faith in e-commerce.

Meanwhile, a recent executive order from President Bush that is designed to combat money laundering could affect anybody who handles money, not just big banks, notes Baker. The order expands the list of organizations with suspected terrorist ties with which U.S. companies are forbidden to do business. Baker thinks that could result in such a large list of people and businesses that are off-limits that CIOs would need to install systems to prevent such transactions.

Baker says that if it turns out that terrorists operating in the United States took advantage of the way business is done here, Congress won’t hesitate to change the rules. At press time, Congress was debating a provision in antiterrorism legislation that would require consumer credit reporting agencies to give the government any information related to a terrorism investigation. Civil liberties advocates such as Rep. John Conyers (D-Mich.) say individual rights are at the greatest risk “at times of inflamed passions and national anger.” Today, it’s not just individual rights but also freedom from government regulation of commerce that may be on the line. Even Conyers thinks fighting terrorism will probably require some concessions by individuals and the private sector to improve public security.